✨ feat: Support sarif reporter which uses Code Scanning

Author: blooper05

.github/workflows/test.yml

@@ -58,3 +58,17 @@ jobs:
       - name: check the exit code
         if: ${{ !success() }}
         run: echo 'The previous step should fail' && exit 1
+
+  test-sarif:
+    name: runner / rails_best_practices (sarif)
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
+      - uses: ruby/setup-ruby@1a615958ad9d422dd932dc1d5823942ee002799f  # v1.227.0
+        with:
+          ruby-version: ruby
+      - uses: ./
+        with:
+          reporter: sarif
+          # workdir: ./testdata/
+          # output_dir: ../../reviewdog-results

README.md

@@ -34,13 +34,13 @@ inputs:
     description: Report level for reviewdog [info,warning,error].
     default: error
   reporter:
-    description: Reporter of reviewdog command [github-check,github-pr-review,github-pr-check].
+    description: Reporter of reviewdog command [github-check,github-pr-review,github-pr-check,sarif].
     default: github-check
   filter_mode:
     description: |
       Filtering mode for the reviewdog command [added,diff_context,file,nofilter].
-      Default is added.
-    default: added
+      Default is `added` except that sarif reporter uses `nofilter`.
+    default: ''
   fail_on_error:
     description: |
       Exit code for reviewdog when errors are found [true,false].
@@ -49,6 +49,9 @@ inputs:
   reviewdog_flags:
     description: Additional reviewdog flags.
     default: ''
+  output_dir:
+    description: Output directory of reviewdog result. Useful for -reporter=sarif
+    default: ../reviewdog-results
   ### Flags for rails_best_practices ###
   rails_best_practices_version:
     description: rails_best_practices version

action.yml

@@ -17,13 +17,13 @@ inputs:
     description: Report level for reviewdog [info,warning,error].
     default: error
   reporter:
-    description: Reporter of reviewdog command [github-check,github-pr-review,github-pr-check].
+    description: Reporter of reviewdog command [github-check,github-pr-review,github-pr-check,sarif].
     default: github-check
   filter_mode:
     description: |
       Filtering mode for the reviewdog command [added,diff_context,file,nofilter].
-      Default is added.
-    default: added
+      Default is `added` except that sarif reporter uses `nofilter`.
+    default: ''
   fail_on_error:
     description: |
       Exit code for reviewdog when errors are found [true,false].
@@ -32,6 +32,9 @@ inputs:
   reviewdog_flags:
     description: Additional reviewdog flags.
     default: ''
+  output_dir:
+    description: Output directory of reviewdog result. Useful for -reporter=sarif
+    default: ../reviewdog-results
   ### Flags for rails_best_practices ###
   rails_best_practices_version:
     description: rails_best_practices version
@@ -58,8 +61,13 @@ runs:
         INPUT_FILTER_MODE: ${{ inputs.filter_mode }}
         INPUT_FAIL_ON_ERROR: ${{ inputs.fail_on_error }}
         INPUT_REVIEWDOG_FLAGS: ${{ inputs.reviewdog_flags }}
+        INPUT_OUTPUT_DIR: ${{ inputs.output_dir }}
         INPUT_RAILS_BEST_PRACTICES_VERSION: ${{ inputs.rails_best_practices_version }}
         INPUT_RAILS_BEST_PRACTICES_FLAGS: ${{ inputs.rails_best_practices_flags }}
+    - if: inputs.reporter == 'sarif'
+      uses: github/codeql-action/upload-sarif@6bb031afdd8eb862ea3fc1848194185e076637e5  # v3.28.11
+      with:
+        sarif_file: ${{ inputs.output_dir }}
 
 # Ref: https://haya14busa.github.io/github-action-brandings/
 branding:

script.sh

@@ -1,10 +1,16 @@
-#!/bin/sh
+#!/bin/bash
 set -e
 
 if [ -n "${GITHUB_WORKSPACE}" ]; then
   cd "${GITHUB_WORKSPACE}/${INPUT_WORKDIR}" || exit
 fi
 
+mkdir -p "${INPUT_OUTPUT_DIR}"
+OUTPUT_FILE_NAME="reviewdog-${INPUT_TOOL_NAME}"
+if [[ "${INPUT_REPORTER}" == "sarif" ]]; then
+  OUTPUT_FILE_NAME="${OUTPUT_FILE_NAME}.sarif"
+fi
+
 export REVIEWDOG_GITHUB_API_TOKEN="${INPUT_GITHUB_TOKEN}"
 
 echo '::group::🐶 Installing rails_best_practices ... https://github.com/flyerhzm/rails_best_practices'
@@ -42,7 +48,9 @@ rails_best_practices --without-color --silent . ${INPUT_RAILS_BEST_PRACTICES_FLA
     -filter-mode="${INPUT_FILTER_MODE}" \
     -fail-on-error="${INPUT_FAIL_ON_ERROR}" \
     -level="${INPUT_LEVEL}" \
-    ${INPUT_REVIEWDOG_FLAGS}
-exit_code=$?
+    ${INPUT_REVIEWDOG_FLAGS} |
+  tee "${INPUT_OUTPUT_DIR}/${OUTPUT_FILE_NAME}"
+
+exit_code=${PIPESTATUS[1]}
 echo '::endgroup::'
-exit $exit_code
+exit "$exit_code"